draft-ietf-xmpp-websocket-06.txt   draft-ietf-xmpp-websocket-07.txt 
XMPP Working Group L. Stout, Ed. XMPP Working Group L. Stout, Ed.
Internet-Draft &yet Internet-Draft &yet
Intended status: Standards Track J. Moffitt Intended status: Standards Track J. Moffitt
Expires: October 24, 2014 Mozilla Expires: December 8, 2014 Mozilla
E. Cestari E. Cestari
cstar industries cstar industries
April 22, 2014 June 6, 2014
An XMPP Sub-protocol for WebSocket An XMPP Sub-protocol for WebSocket
draft-ietf-xmpp-websocket-06 draft-ietf-xmpp-websocket-07
Abstract Abstract
This document defines a binding for the XMPP protocol over a This document defines a binding for the XMPP protocol over a
WebSocket transport layer. A WebSocket binding for XMPP provides WebSocket transport layer. A WebSocket binding for XMPP provides
higher performance than the current HTTP binding for XMPP. higher performance than the current HTTP binding for XMPP.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
skipping to change at page 1, line 35 skipping to change at page 1, line 35
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 24, 2014. This Internet-Draft will expire on December 8, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 31 skipping to change at page 2, line 31
3.6.1. see-other-uri . . . . . . . . . . . . . . . . . . . . 8 3.6.1. see-other-uri . . . . . . . . . . . . . . . . . . . . 8
3.7. Stream Restarts . . . . . . . . . . . . . . . . . . . . . 8 3.7. Stream Restarts . . . . . . . . . . . . . . . . . . . . . 8
3.8. Pings and Keepalives . . . . . . . . . . . . . . . . . . 8 3.8. Pings and Keepalives . . . . . . . . . . . . . . . . . . 8
3.9. Use of TLS . . . . . . . . . . . . . . . . . . . . . . . 9 3.9. Use of TLS . . . . . . . . . . . . . . . . . . . . . . . 9
3.10. Stream Management . . . . . . . . . . . . . . . . . . . . 9 3.10. Stream Management . . . . . . . . . . . . . . . . . . . . 9
4. Discovering the WebSocket Connection Method . . . . . . . . . 9 4. Discovering the WebSocket Connection Method . . . . . . . . . 9
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
5.1. WebSocket Subprotocol Name . . . . . . . . . . . . . . . 10 5.1. WebSocket Subprotocol Name . . . . . . . . . . . . . . . 10
5.2. URN Sub-Namespace . . . . . . . . . . . . . . . . . . . . 10 5.2. URN Sub-Namespace . . . . . . . . . . . . . . . . . . . . 10
6. Security Considerations . . . . . . . . . . . . . . . . . . . 11 6. Security Considerations . . . . . . . . . . . . . . . . . . . 11
6.1. Intermediary Services . . . . . . . . . . . . . . . . . . 11
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 11
7.1. Normative References . . . . . . . . . . . . . . . . . . 11 7.1. Normative References . . . . . . . . . . . . . . . . . . 11
7.2. Informative References . . . . . . . . . . . . . . . . . 11 7.2. Informative References . . . . . . . . . . . . . . . . . 12
Appendix A. XML Schema . . . . . . . . . . . . . . . . . . . . . 12 Appendix A. XML Schema . . . . . . . . . . . . . . . . . . . . . 13
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14
1. Introduction 1. Introduction
Applications using the Extensible Messaging and Presence Protocol Applications using the Extensible Messaging and Presence Protocol
(XMPP) (see [RFC6120] and [RFC6121]) on the Web currently make use of (XMPP) (see [RFC6120] and [RFC6121]) on the Web currently make use of
BOSH (see [XEP-0124] and [XEP-0206]), an XMPP binding to HTTP. BOSH BOSH (see [XEP-0124] and [XEP-0206]), an XMPP binding to HTTP. BOSH
is based on the HTTP long polling technique, and it suffers from high is based on the HTTP long polling technique, and it suffers from high
transport overhead compared to XMPP's native binding to TCP. In transport overhead compared to XMPP's native binding to TCP. In
addition, there are a number of other known issues with long polling addition, there are a number of other known issues with long polling
skipping to change at page 8, line 9 skipping to change at page 8, line 9
If the WebSocket connection is closed or broken without the XMPP If the WebSocket connection is closed or broken without the XMPP
stream having been closed first, then the XMPP stream is considered stream having been closed first, then the XMPP stream is considered
implicitly closed and the XMPP session ended; however, if the use of implicitly closed and the XMPP session ended; however, if the use of
stream management resumption was negotiated (see [XEP-0198]), the stream management resumption was negotiated (see [XEP-0198]), the
server SHOULD consider the XMPP session still alive for a period of server SHOULD consider the XMPP session still alive for a period of
time based on server policy as specified in [XEP-0198]. time based on server policy as specified in [XEP-0198].
3.6.1. see-other-uri 3.6.1. see-other-uri
If the server (or a connection manager intermediary) wishes at any If the server wishes at any point to instruct the client to move to a
point to instruct the client to move to a different WebSocket different WebSocket endpoint (e.g. for load balancing purposes), the
endpoint (e.g. for load balancing purposes), the server MAY send a server MAY send a <close/> element and set the "see-other-uri"
<close/> element and set the "see-other-uri" attribute to the URI of attribute to the URI of the new connection endpoint (which MAY be for
the new connection endpoint (which MAY be for a different transport a different transport method, such as BOSH (see [XEP-0124] and
method, such as BOSH (see [XEP-0124] and [XEP-0206]). [XEP-0206]).
Clients MUST NOT accept suggested endpoints with a lower security Clients MUST NOT accept suggested endpoints with a lower security
context (e.g. moving from a "wss://" endpoint to a "ws://" or "http:/ context (e.g. moving from a "wss://" endpoint to a "ws://" or "http:/
/" endpoint). /" endpoint).
An example of the server closing a stream and instructing the client An example of the server closing a stream and instructing the client
to connect at a different WebSocket endpoint: to connect at a different WebSocket endpoint:
S: <close xmlns="urn:ietf:params:xml:ns:xmpp-framing" S: <close xmlns="urn:ietf:params:xml:ns:xmpp-framing"
see-other-uri="wss://otherendpoint.example/xmpp-bind" /> see-other-uri="wss://otherendpoint.example/xmpp-bind" />
skipping to change at page 11, line 32 skipping to change at page 11, line 32
When presented with a new WebSocket endpoint via the "see-other-uri" When presented with a new WebSocket endpoint via the "see-other-uri"
attribute of a <close/> element, clients MUST NOT accept the attribute of a <close/> element, clients MUST NOT accept the
suggestion if the security context of the new endpoint is lower than suggestion if the security context of the new endpoint is lower than
the current one in order to prevent downgrade attacks from a "wss://" the current one in order to prevent downgrade attacks from a "wss://"
endpoint to "ws://". endpoint to "ws://".
The Security Considerations for both WebSocket (see Section 10 of The Security Considerations for both WebSocket (see Section 10 of
[RFC6455] and XMPP (see Section 13 of [RFC6120]) apply to the [RFC6455] and XMPP (see Section 13 of [RFC6120]) apply to the
WebSocket XMPP sub-protocol. WebSocket XMPP sub-protocol.
6.1. Intermediary Services
If the XMPP over WebSocket endpoint is provided as an intermediary
service between a backend XMPP service and the client, then it SHOULD
encrypt its connection to the backend XMPP service using any
available and appropriate technologies, such as TLS and StartTLS.
If data privacy is desired, a client SHOULD encrypt its messages
using an application specific end-to-end encryption technology, as
there is no way for the client to ensure that the XMPP over WebSocket
service is using an encryped connection to the backend XMPP service.
Methods for doing so are beyond the scope of this specification.
7. References 7. References
7.1. Normative References 7.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC6120] Saint-Andre, P., "Extensible Messaging and Presence [RFC6120] Saint-Andre, P., "Extensible Messaging and Presence
Protocol (XMPP): Core", RFC 6120, March 2011. Protocol (XMPP): Core", RFC 6120, March 2011.
 End of changes. 8 change blocks. 
12 lines changed or deleted 26 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/